SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Allow us to enable Firewall and NAT rules from within the Edit rule

    By default you don't enable the rules yet you don't have the option to enable the rule when you create it... ! Please add this option at the bottom so we don't have to remember to click the rule on after we create the rule we obviously want on.

    3 votes
    0 comments  ·  Network Protection
  2. Support for Industrial Protocols in DPI / IDS

    We are a fairly recent Sophos partner; our business is in industrial automation and control systems customers.

    Security for industrial automation, critical infrastructure, and industry 4.0 is very much a hot topic right now.

    We would like to see some development to include capability for Deep Packet Inspection and control of industrial control protocols such as:

    Modbus TCP
    Ethernet/IP (CIP)
    OPC Classic (DCOM / RPC)
    Siemens S7
    etc.

    Inclusion of rules for these into IDS would also be welcomed.

    A number of vendors approaching us are starting to get into this specialist area of the market and it would be great…

    10 votes
    1 comment  ·  Network Protection
  3. Executive Reports (firewall) of top Ten should exclude packets that do not traverse the firewall

    Executive Reports of top Ten include packets which are dropped by the UTM. Since the goal of network admins is to detect unauthorized traffic which penetrates the firewall, Executive Reports which include dropped packets are a waste of time. For every item, the admin is forced to download the appropriate firewall log file and see if the IP address in question is included in the list of drops. This is a great waste of time. If you do not fix this, our company will be forced to find an alternative solution.

    1 vote
    0 comments  ·  Network Protection
  4. Uplink Balancing & NAT Masq

    Problem: You may create NAT Masq rules for your ISP and segment off portions of your network to specific addresses under Network Protection > NAT. If you obtain a secondary ISP and turn on uplink balancing under Interfaces & Routing > Uplink Balancing, your NAT MASQ rules change to uplink interfaces. The NAT MASQ rules only MASQ the primary interface. The current interface doesn't allow for changing to multiple interfaces.

    Solution: Allow uplink balancing to be used and allow multiple interfaces to be configured under the MASQ ruleset so that traffic may use either configured interface to NAT MASQ.

    1 vote
    0 comments  ·  Network Protection
  5. Ability to whitelist interfaces from strict TCP session handling

    A customer needs to block spoofed ACK packets on their WAN interfaces in order to pass security policies. In order to do this, they need to enable strict TCP session handling so they can avoid TCP session pickup. This works, however, it's global and causes problems for one of their applications on the LAN side.
    By allowing a whitelist of interfaces to allow TCP session pickup, the customer can meet security requirements without disturbing their application.

    1 vote
    0 comments  ·  Network Protection
  6. VoIP helper & TLS

    Deutsche Telekom provides TLS-Support with their "SIP-Trunk". This can't be used with the SG's VoIP helper and telephony systems connected to the LAN.
    Please enable SSL/TLS interception for the VoIP helper.

    8 votes
    0 comments  ·  Network Protection
  7. Allow user-defined rules to be applied before built-in rules

    There is a strong need to be able to prevent access to several protocols that have proxies implemented in ASL (e.g. SMTP).

    Currently, the fact that built-in rules are always applied before user-defined ones has the following consequences:
    - It is impossible to prevent access to one of these proxied services alone. The only option is to use blackhole routing (which prevents all traffic from and to the targeted networks).
    - It is very much unclear to the user why a given rule isn't applied. Instinctively, an explicit "deny" rule should always apply before any and all "allow" rules. This rather…

    3 votes
    0 comments  ·  Network Protection
  8. Introduce Behavior and Reputation Based IPS Signatures

    There are Snort-based IDS rule sets that provide behavior and reputation based rules which do not currently appear to be available in the UTM. Current IPS rules are insufficient to detect connections from known malicious hosts. Further, we have experienced fairly large brute force attacks against open RDP ports (business requirement), that went undetected by the UTM IPS.

    Example Rules:
    Emerging Threats - ET CINS Active Threat Intelligence Poor Reputation series signatures
    Emerging Threats - ET SCAN Behavioral Unusually fast Terminal Server Traffic

    5 votes
    0 comments  ·  Network Protection
  9. Implement DNS Blacklist in the DNS Server, not the IPS subsystem.

    IPS blocks queries to resolve untrusted host names. This tells the client that the DNS server has failed, not that the query should not be resolved. Consequently, the client immediately re-attempts the query using a different path. The consequences of having no response from all DNS servers will be implementation specific and therefore unpredictable.

    Instead, we need UTM to return a non-existent domain result (NXDOMAIN), so the client stops trying to resolve the name at all. This is how Quad9 is described to work. To produce this result, the blacklist has to be moved out of IPS and into the…

    3 votes
    0 comments  ·  Network Protection
  10. Notify me when unauthorised devices appear in default VLAN - when DHCP is used

    Unconfigured Switch ports have the default VLAN, which is not in use - but the UTM has a DHCP to hand out IP Addresses. When this happens, this must be unauthorized - so I would like to get a notification.

    3 votes
    0 comments  ·  Network Protection
  11. NTP server for XG series

    The XG series is missing, among other things, the ability to act as NTP time source (server) for the local networks.

    This feature is common even on "open source" firewalls.

    This is a limiting factor in how I can recommend this to clients.

    2 votes
    0 comments  ·  Network Protection
  12. IPS Log Files need the IPS Rule ID

    To create an IPS exception, the system administrator must know the rule number. But there is no way to determine a rule number, so the exception capability is useless. The GUI does not provide a rule review tool. The log files contain: reason (test), group (number), class (text), and sid (number), but not a rule number. My attempts to correlate UTM field values with the Snort product documentation have also been unsuccessful. The Snort documentation refers to SIDs, but they are fewer digits than the UTM SIDs, with no discernible matching technique. Level 1 Support was also unable to add…

    5 votes
    1 comment  ·  Network Protection
  13. DNS visibility controls based on connection

    Different remote access configurations have differing needs for access to internal resources. Users with limited access rights should only be provided enough DNS information to complete the connections that they need. Resolving any other address can produce several different problems: (1) For WAF and any other externally-published resources: A remote access user, with limited access to internal systems, may still be required to access other resources through externally-published addresses, such as a WAF site. If his remote access connection only returns internal information, he will be misdirected and unable to access the resource that he is supposed to use. (2)…

    3 votes
    0 comments  ·  Network Protection
  14. DNS Hosts based on SRV Addresses

    Hi,

    Please add SRV Records as a usable Network Entity Definition. At the moment just A and CNAME Records are suitable.

    10 votes
    1 comment  ·  Network Protection
  15. Packet filter: allow wildcard subdomains

    Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.

    Would like to allow/deny connections, using the packet filter, based on a wildcard subdomain (think *.example.com).

    13 votes
    2 comments  ·  Network Protection
  16. ICMP

    Restricting ICMP and Traceroute response to specific IPs or IP ranges.

    Would like to see the Sophos be able to restrict ICMP or traceroute responses from the UTM to only specific IP addresses or ranges.

    This would prevent unwanted potential hackers or BOT IP ping sweeps from detecting equipment on a network from the internet.

    As of now the Sophos ver 9 firmware UTMs only allow global "on/off" settings for ICMP and traceroute.

    Sonicwall firewalls provide the ability to restrict ICMP responses to specific IPs using a WAN-to-WAN access rule. I would like to see this option available in…

    6 votes
    2 comments  ·  Network Protection
  17. Add time field in attacks

    Kindly add a field as "time" for the "top attacks" report in the latest version of the Cyberoam firewall. It will be helpful if we come to know when the attack occurred, for security purposes. When we see the report of "events", the time field is there, but a similar facility is not available for "top attacks".

    3 votes
    0 comments  ·  Network Protection
  18. host blacklist

    I want the ability to plain and simply paste in a bunch of IPs that are routed to localhost thereby blacklisting them. Or, even better, add a service that I can just turn on that points to a maintained list of such hosts... which can be found here: https://adaway.org/hosts.txt

    This kind of request has been repeatedly asked for for a decade. Why is there no effort put into such a simple task?

    3 votes
    0 comments  ·  Network Protection
  19. Segregate 'IoT' devices from 'User' devices

    'IoT' devices typically need far fewer protocols and often contact only a handful of services. They can (and should) be given much more restricted access to the public internet.

    I would like to have 'groups' or 'types' of network devices (by MAC address), which can have different restrictions applied, as a group.

    Ideally, add the ability to constrain the number of simultaneous connections and/or IP addresses for a given IoT device.

    As a convenience, leverage the IEEE OID database to assign new devices automatically to the appropriate group, e.g. detecting a new device manufactured by Nest is automatically assigned to…

    4 votes
    0 comments  ·  Network Protection
  20. Detect port scans using an XG and automatically block the source IP

    The XG firewall should be able to detect port scans when they occur and then have the ability to block the source IP.

    5 votes
    0 comments  ·  Network Protection